CVE-2014-9087

2014-12-0115:59:00

CWE-191

[email protected]

web.nvd.nist.gov

cve

2014

9087

integer underflow

libksba

denial of service

crash

buffer overflow

nvd

6.4 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.5%

JSON

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

CPENameOperatorVersion
mageia:mageiamageiaeq3.0
mageia:mageiamageiaeq4.0
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
gnupg:libksbagnupg libksbalt1.3.2
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
gnupg:gnupggnupgeq2.1.0

CPE	Name	Operator	Version
mageia:mageia	mageia	eq	3.0
mageia:mageia	mageia	eq	4.0
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
gnupg:libksba	gnupg libksba	lt	1.3.2
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
gnupg:gnupg	gnupg	eq	2.1.0